Popularity has a price, and Android OS users are paying that price by having to put with an increasing amount of malwares, viruses and adware—among many others.
The number of Android threats can exceed 1 million by the end of 2013.
According to a recent report by Trend Micro, Google's Android OS is extremely susceptible to attacks from cybercriminals. These criminals can invade mobile devices and steal confidential information via various routes that range from the installation of fraudulent apps posing as legitimate apps to phony texts from scammers.
The top three threat types include premium service abuser, adware, and data stealer. Malicious downloader, rooter, and click fraudster round out the bottom three. Premium service abuser took the top spot as the main threat to Android users. As the name suggests, premium service abuser will, for instance, send a premium text or call without permission and then leaving the user with the bill. Cybercriminal favors premium service abuser for tapping into people’s wallet because it is “simpler to create and less risky to use compared to committing credit card fraud or distributing fake antivirus.”
Android users are vulnerable to these threats every day, with or without them knowing about it.
Data stealers are also becoming an increasingly popular method for cybercriminals to deploy their dirty deeds. These types of attacks will hi-jack a user’s phone and leave people’s private data completely open for the taking. Frequently stolen confidential information includes:
- Application Programming Interface (API) key, a value used to authenticate service users
- Application ID
- Contact list
- International Mobile Station Equipment Identity (IMEI), a number used to identify mobile devices
- International Mobile Subscriber Identity (IMSI), a number used to identify subscribers in a network
- Network Operator
- Phone ID and model
- Phone number
- Text message
To make problems worse, Trend Micro also stated in their report that the Android OS itself is full of holes—on both the OEM side and Google side—that eventually become avenues for criminals to attack people’s mobile devices. One such avenue is the dialer app found on certain smartphones that can execute Unstructured Supplementary Service Data (USSD) codes which, along with other malicious codes, can lead to the attacker being able to wipe data from a device.
Many people in high GDP countries are relying on their mobile Android devices to store critical personal data.
Samsung, the most prolific distributor of Android gadgets, is currently also facing issues with its Exynos driver. Recently, devs discovered that an Exynos driver vulnerability would allow attackers to gain complete control over the device.
The Android eco-system is growing faster than E. coli on a petri dish, so it shouldn’t surprise anyone that petty thieves and evil-doers are out to take advantage of gullible Android followers. To help mitigate the problems associated with owning and using an Android OS device, Trend Micro is advising people to use the device’s built-in security features, research apps before downloading and installing, always check app permissions before installing, check for software updates regularly—though Android OEMs are notorious for their lack of software support, and pay for a security app.